I tried searching for answers as to why these machines are reaching out to numerous locations despite not using PrusaConnect. Location lookup returns the expected Czech, as well as locations across the US. I recently also set a friend up with an Elegoo printer and that was expectedly noisy as hell, but I was surprised with Prusa being the ‘privacy pick’.

For those curious, here’s the logs since about midnight, it seemingly doesn’t talk during the day.

Edit: Midnight brain forgot what ports are for, and that is for NTP, thanks y’all

    • mlfh@lemmy.sdf.org
      2 days ago

      Good opsec, really.

      Edit: also I just realized this is the Privacy community lol

        • N.E.P.T.R@lemmy.blahaj.zone
          1 day ago

          I was taught in my IT Sec classes to avoid sharing any unnecessary information. Information on private IPs can be used to better understand your network, allowing a threat actor to better navigate your network without needing to do IP scans (which are very obvious and should trigger even basic detection). While it is most likely pointless (since OP probably isn’t at risk of targeted attacks), it is still good opsec.

          • 7toed@midwest.social (OP)
            24 hours ago

            since OP probably isn’t at risk of targeted attacks

            While right, what fun is it using enterprise grade hardware if you’re not at least going to pretend to be serious with it 😁

          • mic_check_one_two@lemmy.dbzer0.com
            22 hours ago

            allowing a threat actor to better navigate your network without needing to do IP scans (which are very obvious and should trigger even basic detection)

            I mean, basically any device will send a DHCPDISCOVER broadcast on 255 when it connects, to see if there is a DHCP server on the network. Unless you’re running your entire network on pre-configured static addresses and have your router set up to intercept all broadcast messages (and treat the broadcasting device as hostile), any device plugging into the network would automatically broadcast a message anyways.

            And honestly, if you’re being that paranoid about your network, you’d probably be better off just using port security and a MAC whitelist instead. It would save you a lot of time with manually configuring IP addresses. That way any threat actor would only be able to connect if they already knew a whitelisted MAC. And gentle device discovery can also be automated without obvious brute force “ping every IP in the subnet at the same time, and blatantly scan common ports on responding IPs” network scans. They’ll take longer (and passive scans may miss some devices), but they wouldn’t trip the rudimentary “watch for any device firing ping requests out to every single IP” scan detection. Passive scans can be particularly difficult to detect.
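The rudimentary "watch for any device pinging many IPs" detection mentioned in the comment above, written out as an added example (not from the thread or from any product): a sliding-window count of distinct destinations per source, run with a short and a long window. The events, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque

def make_events():
    """Constructed ICMP echo-request events: (unix_seconds, source_ip, destination_ip)."""
    events = []
    # 10.0.0.50 pings 40 hosts within 4 seconds (noisy sweep).
    events += [(1000 + i * 0.1, "10.0.0.50", f"10.0.0.{i + 1}") for i in range(40)]
    # 10.0.0.60 pings the same 40 hosts, one every 90 seconds (slow sweep).
    events += [(1000 + i * 90, "10.0.0.60", f"10.0.0.{i + 1}") for i in range(40)]
    # 10.0.0.70 pings only its gateway, every 5 seconds (ordinary monitoring).
    events += [(1000 + i * 5, "10.0.0.70", "10.0.0.1") for i in range(200)]
    return sorted(events)

def detect_sweeps(events, window_s, min_targets):
    """Return sources that hit >= min_targets distinct destinations
    within any window_s-second span. Events must be time-ordered."""
    recent = defaultdict(deque)                      # src -> (ts, dst) inside the window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> hits inside the window
    flagged = set()
    for ts, src, dst in events:
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        # Drop events that have aged out of the window.
        while q and q[0][0] < ts - window_s:
            _, old_dst = q.popleft()
            c[old_dst] -= 1
            if c[old_dst] == 0:
                del c[old_dst]
        if len(c) >= min_targets:
            flagged.add(src)
    return flagged

if __name__ == "__main__":
    ev = make_events()
    print("10 s window:", sorted(detect_sweeps(ev, 10, 20)))
    print("1 h window: ", sorted(detect_sweeps(ev, 3600, 20)))
```

Counting distinct destinations rather than packets keeps the chatty gateway monitor out of both results, and running a second, longer window alongside the short one is what brings the slow source into view.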

            • N.E.P.T.R@lemmy.blahaj.zone
              21 hours ago

              The point of my comment wasn’t that OP was in “real danger” if they showed local IPs, just that it doesn’t hurt to censor them. Never give more information than necessary. I censor usernames and filepaths on any screenshots of the terminal, even though if an actor has the kind of access to utilize that information I am probably already fucked. I think it is good practice to always scrutinize the information you give out willingly.

        • 7toed@midwest.social (OP)
          24 hours ago

          How much metadata do you need until it’s PII? What subnets exist and which devices are potentially leverageable are valid points in a threat model… maybe not entirely suited for everyone but I’m sure as hell my employer is unknowingly grateful for